Muhammad Khizer Javed

How I was able to get subscription of $120/year For Free | Bug Bounty POC

Muhammad Khizer Javed 6 years ago

About 2 Months ago a friend gave me his wetransfer.com account to send a 15GB file to a friend as he was using WeTransfer Plus subscription that he bought for…

Security Researcher saved Careem from a Data Breach

Muhammad Khizer Javed 6 years ago

Careem App is a car booking platform based in UAE which offers traveling services by which people can book a car on their doorstep in a couple of minutes. Careem…

Unrestricted File Upload to RCE | Bug Bounty POC

Muhammad Khizer Javed 6 years ago

Hey Guys, Hope all of you guys are doing well, I’m an Active Bug Bounty participant, & also sometimes work as a Freelancer for some extra pocket money :p So…

My Guide to Basic Recon? | Bug Bounties + Recon | Amazing Love story.

Muhammad Khizer Javed 7 years ago

Hi All, So I decided to write about the Love story between Bug Bounties & Recon. First of all I’m not much of an Expert so I’m just sharing my…

UBER Wildcard Subdomain Takeover | BugBounty POC

Muhammad Khizer Javed 7 years ago

Hi All, So Last month I decided to test Uber for Fun & Profit, So while scanning for subdomains to target I found a subdomain “design.uber.com” While navigating to the…

Accessing Localhost via Vhost | VIRTUAL HOST ENUMERATION | BugBounty POC

Muhammad Khizer Javed 7 years ago

What are virtual hosts (or vhosts)? A single web server can be configured to run multiple websites at once, under different domain names. These are the virtual hosts (or vhosts) and…

What is Subdomain Hijack/Takeover Vulnerability? How to Identify? & Exploit It?

Muhammad Khizer Javed 7 years ago

The POST explains What is Subdomain Hijack/takeover Vulnerability, What are the Impacts of the Vulnerability & How can You prevent such attacks, In addition to this I Tried my best…

Exploiting Insecure Cross Origin Resource Sharing ( CORS ) | api.artsy.net

Muhammad Khizer Javed 7 years ago

Hey guys! A few Months ago I was testing different sites for CORS (Cross Origin Resource Sharing) issues so that I can see what actually it is as I…

Bugcrowd’s Domain & Subdomain Takeover vulnerability!

Muhammad Khizer Javed 7 years ago

Hey, I decided to Write about this Issue because I have seen some people are still confused about “Fastly error: unknown domain” Many Subdomains of BugBounty programs have This error…

Subdomain Takeover Through Expired Cloudfront Distribution | live.lamborghini.com

Muhammad Khizer Javed 7 years ago

Hey Guys! So I have to accept that I’m a Huge Fan of Lamborghini Cars 👊 So I was just looking at their website lamborghini.com when I decided to scan…